Adobe streamlines Flash Player updates by going silent
And it drops Flash support for Microsoft's IE6
Computerworld - Adobe yesterday released Flash Player 11.2, adding silent updating to speed patching of "zero-day" vulnerabilities in the Windows edition.
"Improving the update process is probably the single most important challenge we can tackle for our customers at this time," Peleus Uhley, a senior security researcher at Adobe, said in a Tuesday blog entry.
On Windows -- silent update will come to the Mac later, the company said -- Flash Player 11.2 checks for security updates, then downloads and installs them without bothering the user.
The background update tool pings Adobe's servers every hour until it gets a response. If it reaches Adobe and finds no ready update, the tool re-checks the servers 24 hours later.
The updater's default setting can be changed so that Flash Player continues to notify the user when updates are available.
Like Mozilla's Firefox, which is also working toward silent updates, Flash Player relies on a customized Windows service to automatically install patches without displaying a User Account Control (UAC) prompt in Windows Vista and Windows 7.
Flash Player 11.2's background updater refreshes both versions of the Windows plug-in: The one used by Microsoft's Internet Explorer and the one for all other browsers. "This will solve the problem of end-users having to update Flash Player for Internet Explorer separately from Flash Player for their other browsers," Uhley said.
Chrome is the exception, since Google's browser includes Flash Player; Chrome's own update mechanism will continue to handle Flash patches.
Everyone could use a break from manually patching Flash Player. Adobe has already rolled out two batches of fixes this year, most recently on March 5, and it patched Flash nine different times in 2011.
Uhley cautioned that not every update would use the new mechanism.
"We will be making the decision to silently install on a case-by-case basis," said Uhley, who hinted that it would primarily be used to distribute patches for zero-day vulnerabilities where time is of the essence.
Adobe acknowledged that it's following Chrome's footsteps in silent updating. "This model for updating users is similar to the Google Chrome update experience, and Google has had great success with this approach," said Uhley. "We are hoping to have similar success."
Also yesterday, Adobe said it was demoting Flash Player on Internet Explorer 6 (IE6), the browser that Microsoft has been trying to kill for more than two-and-a-half years.
"Adobe will be dropping support for Internet Explorer 6 starting with today's release of Flash Player 10.3," said Uhley.
Future versions of Flash Player 10.3 will probably run on IE6 -- installation of the ActiveX control on the nearly-11-year-old browser won't be blocked -- but Adobe will no longer guarantee that Flash will work on the aged application.
Flash Player 11.2 for Windows can be downloaded from Adobe's website.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
Read more about Security in Computerworld's Security Topic Center.
- The State of Video Conferencing Security Video conferencing equipment, found in almost every boardroom around the world, may be opening up companies to serious security breaches. This paper explains...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Cybersecurity for Dummies eBook This book provides an in-depth examination of real-world attacks and APTs, the shortcomings of legacy security solutions, the capabilities of next-generation firewalls, and...
- 10 Things Your Next Firewall Must do Next-Generation Firewalls Defined
- What are the desktop virtualization market trends and how can you successfully deploy your solution? You've probably heard about desktop virtualization -- and some of its benefits -- things like tighter security, streamlined management and lower costs. But...
- The Value of Symantec NetBackup Appliances In this video, Symantec's Shelley Schmokel, Principal Product Manager for NetBackup Appliances, talks about the NetBackup Integrated Appliances and how they deliver enterprise-class... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!